Annotating @Secured(AuthoritiesConstants.ADMIN) is not working
Annotating with @Secured must work as expected; in this case, roles other than ADMIN must fail, but that's not happening.
1. Generate a fresh application
2. Change following test method of class `UserResourceIntTest.java`

   Change

   ```java
   @Test
   @Transactional
   public void createUser() throws Exception {
   ```

   to

   ```java
   @Test
   @Transactional
   @WithMockUser(username="user", password = "user", authorities = {"ROLE_USER"})
   public void createUser() throws Exception {
   ```

3. Run test, `./mvn clean test`
4. All tests are being passed although user creation is allowed only to admin role.
##### **Related issues**
#7374
##### **Suggest a Fix**
-
##### **JHipster Version(s)**
[email protected] /Users/sierra/jh/myapp
└── [email protected]
##### **JHipster configuration, a `.yo-rc.json` file generated in the root folder**
<details>
<summary>.yo-rc.json file</summary>
<pre>
{
  "generator-jhipster": {
    "promptValues": {
      "packageName": "com.mycompany.myapp"
    },
    "jhipsterVersion": "4.14.4",
    "baseName": "myapp",
    "packageName": "com.mycompany.myapp",
    "packageFolder": "com/mycompany/myapp",
    "serverPort": "8080",
    "authenticationType": "jwt",
    "cacheProvider": "no",
    "websocket": false,
    "databaseType": "sql",
    "devDatabaseType": "h2Disk",
    "prodDatabaseType": "postgresql",
    "searchEngine": false,
    "messageBroker": false,
    "serviceDiscoveryType": false,
    "buildTool": "maven",
    "enableSocialSignIn": false,
    "enableSwaggerCodegen": false,
    "jwtSecretKey": "replaced-by-jhipster-info",
    "clientFramework": "angularX",
    "useSass": false,
    "clientPackageManager": "yarn",
    "applicationType": "monolith",
    "testFrameworks": [],
    "jhiPrefix": "jhi",
    "enableTranslation": false
  }
}
</pre>
</details>
##### **JDL for the Entity configuration(s) `entityName.json` files generated in the `.jhipster` directory**
ls: no such file or directory: .jhipster/*.json
java version "1.8.0_172"
Java(TM) SE Runtime Environment (build 1.8.0_172-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.172-b11, mixed mode)
git version 2.15.1 (Apple Git-101)
node: v8.11.2
npm: 6.0.1
yeoman: 2.0.2
yarn: 1.7.0
Docker version 18.03.1-ce, build 9ee9f40
docker-compose version 1.21.1, build 5a3f1a3
It's normal that it doesn't work in tests since they use a mock and security is not applied.
What does it give with a real server?
To apply security in test, add `apply(springSecurity())` to `restUserMockMvc`
@cbornet with real server, it is fine.
And thank you for the tip.
However, I am still having a problem and I have posted on SO.
https://stackoverflow.com/questions/50921852
I will close this issue as this is an SO question.
Thanks
We should apply and verify security in the tests. This has been talked about many times but I guess nobody worked on it... As always PRs are very much welcome :smile:.
> It's normal that it doesn't work in tests since they use a mock and security is not applied.
> What does it give with a real server?
> To apply security in test, add `apply(springSecurity())` to `restUserMockMvc`
@cbornet Can you give a little bit more detail? When I do what you are suggesting I get this exception:
springSecurityFilterChain cannot be null. Ensure a Bean with the name springSecurityFilterChain implementing Filter is present or inject the Filter to be used.
java.lang.IllegalStateException: springSecurityFilterChain cannot be null. Ensure a Bean with the name springSecurityFilterChain implementing Filter is present or inject the Filter to be used.
Edit: I got it working. See https://github.com/jhipster/generator-jhipster/issues/7374#issuecomment-417118011